SEC Division of Examinations 2025 Exam Priorities – a Focus on Artificial Intelligence, Private Funds, and Cybersecurity
SEC Division of Examinations 2025 Exam Priorities – a Focus on Artificial Intelligence, Private Funds, and Cybersecurity
On October 21, 2024, the U.S. Securities and Exchange Commission’s (“SEC”) Division of Examinations (“EXAMS”) announced its 2025 Examination Priorities (the “2025 Priorities”), highlighting areas that it expects to target during examinations in 2025. The 2025 Priorities reinforce many of the same areas of focus as the 2024 priorities, including investment advisers to private funds, conflicts of interest disclosures, Regulation Best Interest (“Reg BI”), cybersecurity, and crypto assets. The 2025 Priorities also signal heightened attention to emerging areas of concern, including the use of artificial intelligence (“AI”) and client exposure to commercial real estate.
Registered investment advisers (“RIAs”), registered investment companies (“RICs”), and broker-dealers should carefully review the 2025 Priorities to ensure their compliance systems and policies are up to date, monitored, and enforced. Indeed, given the SEC’s history of pursuing enforcement actions in areas highlighted in prior years as Examination Priorities, appropriate attention to the 2025 Priorities today could save regulated entities considerable resources down the road.[1]
The 2025 Priorities reiterate that operational disruption risks remain elevated due to the proliferation of cybersecurity attacks, firms’ dispersed operations, weather-related events, and geopolitical concerns. As a perennial examination priority, EXAMS will continue to focus on cybersecurity practices by registrants, including assessing whether registrants’ procedures and practices reasonably manage information security and operational risks. Particular attention will be on firms’ policies and procedures, governance practices, data loss prevention, access controls, account management, and responses to cyber-related incidents.
EXAMS will assess registrant compliance with Regulations S-ID and S-P, as applicable, including registrants’ progress in preparing to comply with the SEC’s amendments to Regulation S-P, adopted on May 16, 2024. The amendments require the adoption of policies and procedures for incident response programs and service provider oversight, expand the definition of “customer information,” establish a new minimum standard for data breach notifications, and impose new recordkeeping obligations.[2] EXAMS anticipates conducting targeted outreach to the securities industry and engaging with firms during examinations about their progress in preparing to establish incident response programs required under the amended rule. This suggests that registrants should anticipate questions from EXAMS staff about their efforts to comply with the Regulation S-P amendments prior to the applicable compliance date.[3]
On February 15, 2023, the SEC adopted amendments to Rule 15c6-1 to shorten the standard settlement cycle for transactions in most securities to one business day after the trade date (“T+1”).[4] In 2025, EXAMS will evaluate broker-dealer compliance with the amended rule, as well as compliance with Rule 15a6-2 under the Exchange Act, which requires broker-dealers engaging in the allocation, confirmation, or affirmation process to have written agreements or written procedures reasonably designed to ensure completion of the process as soon as practicable and no later than the end of day on trade date (“T+0”). We expect that the SEC staff will continue to monitor fails-to-deliver data closely and test compliance with the close-out requirement of Rule 204 of Regulation SHO.
The Division remains focused on registrants’ use of certain services, such as automated investment tools, AI, and trading algorithms or platforms, and the risks associated with their use. The 2025 Priorities note that EXAMS will, in particular, examine firms that employ certain digital engagement practices, such as digital investment advisory services, recommendations, and related tools and methods. These examinations will assess whether (1) representations are fair and accurate, (2) operations and controls in place are consistent with disclosures made to investors, (3) algorithms produce advice or recommendations consistent with investors’ investment profiles or stated strategies, and (4) controls to confirm that advice or recommendations resulting from digital engagement practices are consistent with regulatory obligations to investors, including older investors. The SEC staff appears to be keenly focused on the use of AI in the front-office context, although there will be continued scrutiny of middle and back-office use.
With respect to AI, EXAMS will focus its examinations on the following:
The 2025 Priorities reiterate EXAMS’ focus on monitoring and conducting examinations of registrants offering crypto asset-related services. Examinations of registrants will continue to focus on the offer, sale, recommendation, advice, trading, and other activities involving crypto assets that are offered and sold as securities or related products. We expect that the SEC staff will coordinate priorities with FINRA to maximize regulatory focus in this space.[5]
The 2025 Priorities remain focused on investment advisers’ adherence to their fiduciary duties, including whether their investment advice regarding products, investment strategies, and account types satisfies their duty of care and duty of loyalty obligations owed to their clients.
In particular, EXAMS will continue to focus on recommendations provided to clients related to (1) high‑cost products, (2) unconventional instruments, (3) illiquid and difficult-to-value assets, and (4) assets sensitive to higher interest rates or changing market conditions, including commercial real estate. With respect to dual registrants and investment advisers with affiliated broker-dealers, EXAMS will focus on (1) assessing investment advice and recommendations regarding certain products to determine whether they are suitable for clients’ advisory accounts, (2) reviewing disclosures to clients regarding the capacity in which recommendations are made, (3) reviewing the appropriateness of account selection practices, and (4) assessing whether and how investment advisers adequately mitigate and fairly disclose conflicts of interest.
The 2025 Priorities reiterate that the effectiveness of investment advisers’ compliance programs is a fundamental part of the examination process and note that examinations will continue to focus on (1) whether such policies adequately address any outsourcing of investment selection and/or management functions, (2) any alternative sources of revenue or benefits that the advisers receive, and (3) the appropriateness and accuracy of fee calculations and the disclosure of any fee-related conflicts.
The 2025 Priorities indicate that EXAMS will perform a more in-depth review of certain practices, including the use of AI or client exposure to commercial real estate. For example, investment advisers that integrate AI into their advisory operations, including portfolio management, trading, marketing, and compliance, should expect that SEC examiners will conduct an in-depth review of the investment adviser’s compliance policies and disclosures related to these areas. Given the SEC staff’s focus on AI, investment advisers that use AI solely for non-investment advisory tasks should also consider adopting and implementing policies and procedures to implement safeguards to ensure employees do not use AI for prohibited activities. Similarly, investment advisers with clients invested in commercial real estate or other illiquid securities should expect EXAMS to focus on valuation issues related to those investments.[6]
Also, if an investment adviser utilizes a large number of independent contractors working from geographically dispersed locations, an examination may focus on supervision and oversight practices. Examinations may focus on compliance practices if an investment adviser implements changes to its business model or is new to advising particular types of assets, clients, or services.
The 2025 Priorities make clear that the SEC staff will continue its focus on private fund advisers. EXAMS remains focused on portfolio management risks when there is exposure to market volatility and higher interest rates and clarified that in 2025, EXAMS will specifically look at whether disclosures are consistent with actual practices and if an investment adviser met its fiduciary obligations in this context. As with previous years, EXAMS will prioritize examinations of investment advisers that have never been examined, including newly registered advisers, and those that have not been recently examined.
The 2025 Priorities also highlight EXAMS’ interest in the topic areas set forth below. Interestingly, certain of these topics appear to address practices that were addressed in the SEC’s “Private Fund Adviser Rules”[7]—which were vacated by the U.S. Court of Appeals for the Fifth Circuit on June 5, 2024[8]—including adviser-led secondary transactions and the disclosure of fees and expenses. This suggests that EXAMS staff may attempt to impose standards on private fund advisers that are consistent with the principles set forth in the Private Fund Adviser Rules, perhaps through Rules 206(4)-1 and 206(4)-8 under the Advisers Act, despite the vacatur of the Private Fund Adviser Rules.
EXAMS will continue to prioritize examinations of RICs, including mutual funds and exchange-traded funds. The 2025 Priorities emphasize specific examination focus areas, including the following: (1) fund fees and expenses, and any associated waivers and reimbursements; (2) oversight of service providers (both affiliated and third party); (3) portfolio management practices and disclosures, for consistency with claims about investment strategies or approaches and with fund filings and marketing materials; and (4) issues associated with market volatility. EXAMS will also continue to monitor RICs with exposure to commercial real estate and compliance with new and amended rules.
EXAMS will continue to examine broker-dealers on their practices related to Reg BI and their compliance with Form CRS requirements. In particular, examinations will continue to focus on recommended products that are complex, illiquid, or present higher risk to investors (e.g., highly leveraged or inverse products, crypto assets, structured products, alternative investments, products that are not registered with the SEC, products with complex fee structures or return calculations, products based on exotic benchmarks, and products that represent a growth area for retail investment). EXAMS will also focus on the structure, marketing, fees, and potential conflicts associated with offerings by broker-dealers to retail customers, including bank sweep programs, fully paid lending programs, and mobile apps/online trading platforms.
Examinations may also focus on broker-dealers’ recommendations using automated tools or digital engagement practices and recommendations relating to opening different account types, such as option, margin, and self-directed IRA accounts.
Examinations will continue to focus on broker-dealer compliance with the Net Capital Rule (Rule 15c3-1 under the Exchange Act) and the Customer Protection Rule (Rule 15c3-3 under the Exchange Act) and related internal processes, procedures, and controls. The 2025 Priorities highlight areas of review including (1) the timeliness of financial notifications and other required filings made by the broker-dealer, and (2) the supervision of third-party or vendor-provided services that contribute to the records firms used to prepare their financial reporting information.
EXAMS will continue to focus on broker-dealer equity and fixed income trading practices. Areas of review include:
The 2025 Priorities note that EXAMS will continue to focus on:
The 2025 Priorities note for the first time a focus on examinations of the following:
EXAMS remains focused on the same AML examination priorities as 2024, including reviewing whether broker-dealers and certain RICs are (1) appropriately tailoring their AML program to their business model and associated AML risks, (2) conducting independent testing, (3) establishing an adequate customer identification program, including for beneficial owners of legal entity customers, and (4) meeting their Suspicious Activity Reports (SAR) filing obligations.
If you have any questions about the 2025 Priorities, or preparing for SEC examinations, please contact a member of MoFo’s Investment Management, Broker-Dealer, or Securities Litigation, Enforcement, and White Collar Defense group.
[1] See Top 5 SEC Enforcement Developments for September 2024, MoFo Client Alert (Oct. 24, 2024).
[2] See U.S. SEC Adopts Amendments to Reg S-P, MoFo Client Alert (May 28, 2024).
[3] The compliance date for the Reg S-P amendments is December 3, 2025, for “larger entities” and June 3, 2026, for “smaller entities” (as those terms are defined the SEC’s Adopting Release for the amendments).
[4] See New SEC Rules and Amendments Shorten the Standard Securities Transaction Settlement Cycle to T+1, MoFo Client Alert (February 24, 2023).
[5] For example, FINRA conducted a recent sweep into whether registered representatives’ crypto-related activities were in compliance with FINRA Rule 3270 (Outside Business Activities of Registered Persons) and FINRA Rule 3280 (Private Securities Transactions of an Associated Person).
[6] For a more in-depth discussion of AI, please see the “AI and Other Emerging Financial Technologies” section above.
[7] See SEC Adopts Expansive Private Fund Adviser Rules, MoFo Client Alert (Sept. 1, 2023).
[8] See Fifth Circuit Vacates SEC Private Fund Adviser Rules, MoFo Client Alert (June 12, 2024).
[9] See SEC Adoption of Current Reporting and Other Amendments to Form PF, MoFo Client Alert (May 4, 2023).
[10] See Marketing Rule Implementation - Are You Ready for November 4th?, MoFo Client Alert (Sept. 23, 2022).
[11] See Significant Investment Adviser Regulatory Developments in 2024, MoFo Client Alert (Aug. 21, 2024).